Mozilla

CA Program

Case Information

Subject
Include NAVER root certificate
Link to Bugzilla Bug
https://bugzilla.mozilla.org/show_bug.cgi?id=1404221
Case Number
00000261
Case Record Type
CA Root Inclusion Request
CA Owner/Certificate Name
NAVER Cloud
Mozilla Request Status
Complete

CA Address Information

Street
6, Buljeong-ro
City
Seongnam-si
State/Province
Zip/Postal Code
13561
Country
Republic of Korea (South Korea)

General information about CA's associated organization

CA Email Alias 1
CA Owner Information Verified?
Data Verified
Company Website
https://certificate.naver.com/
Organizational Type
 
Geographic Focus
South Korea
Primary Market / Customer Base
Commercial CA offering server and client authentication certs.
Recognized CAA Domains
Problem Reporting Mechanism

Audit Statements

Auditor
Auditor Verified?
Data Verified
Auditor Location
Standard Audit Verified?
Data Verified
Standard Audit Type
WebTrust
Standard Audit Deviation
false
Standard Audit Statement Date
4/28/2020
Standard Audit Comments
Standard Audit Period Start Date
12/1/2018
Standard Audit ALV Comments
Standard Audit Period End Date
11/30/2019
BR Audit Verified?
Data Verified
BR Audit Type
WebTrust
BR Audit Deviation
false
BR Audit Statement Date
4/28/2020
BR Audit Comments
BR Audit Period Start Date
12/1/2018
BR Audit ALV Comments
BR Audit Period End Date
11/30/2019
EV SSL Audit Statement (Link)
EV SSL Audit Verified?
Not Applicable
EV SSL Audit Type
 
EV SSL Audit Deviation
false
EV SSL Audit Statement Date
 
EV SSL Audit Comments
EV SSL Audit Period Start Date
 
EV SSL Audit ALV Comments
EV SSL Audit Period End Date
 

Policy Documents

Document Repository Description
CPS is provided in Korean and translated into English. Both the Korean and English versions of the CP/CPS are provided here: https://certificate.naver.com/bbs/initCrtfcJob.do

Policy Document Record # 1

Document Type
CP/CPS
Document Verified?
System Verified
Document Last Updated Date
11/28/2019
Associated Trust Bits
Server Authentication
Policy Identifiers
Additional Policy Identifiers
1.2.410.200081.2.2.3.1; 1.2.410.200081.2.2.3.2
Comments
Associated Root Certificates
NAVER Global Root Certification Authority

Policy Document Record # 2

Document Type
CPS
Document Verified?
Complete
Document Last Updated Date
8/28/2020
Associated Trust Bits
Server Authentication
Policy Identifiers
Additional Policy Identifiers
1.2.410.200081.2.2.3.1; 1.2.410.200081.2.2.3.2
Comments
Associated Root Certificates
NAVER Global Root Certification Authority

Policy Document Record # 3

Document Type
CPS
Document Verified?
Complete
Document Last Updated Date
10/7/2020
Associated Trust Bits
Server Authentication; Client Authentication
Policy Identifiers
1.2.410.200081.2.1.1
Additional Policy Identifiers
1.2.410.200081.2.2.3.1; 1.2.410.200081.2.2.3.2; 2.23.140.1.2.1; 2.23.140.1.2.2;
Comments
Associated Root Certificates
NAVER Global Root Certification Authority

Required and Recommended Practices

Required Practices
https://wiki.mozilla.org/CA/Required_or_Recommended_Practices
Required Practices Verified?
Data Verified
CA's Response to Required Practices
1. Publicly Available CP and CPS: CPS section 2
1.1 Revision Table, updated annually: CPS section 1.2
1.2 CAA Domains listed in CP/CPS: CPS section 4.2.4
1.3 BR Commitment to Comply statement in CP/CPS: CPS sections 1.1, 7.1
1.4 CP/CPS Structured According to RFC 3647: CPS section 1.1
2. Audit Criteria: CPS section 8
Audit history may be found in CCADB in the 'File Archive Associations' section of the root cert record.
3. Revocation of Compromised Certificates: CPS section 4.9.1
4. Verifying Domain Name Ownership: CPS section 3.2.2.4
5. Verifying Email Address Control: N/A
6. DNS names go in SAN: CPS Appendix A
7. OCSP: CPS sections 4.9.9, 7.3, Appendix A
8. Network Security Controls: CPS section 6.7

Forbidden and Potentially Problematic Practices

Forbidden Practices
https://wiki.mozilla.org/CA/Forbidden_or_Problematic_Practices
Forbidden Practices Verified?
Data Verified
CA's Response to Forbidden Practices
1. Long-lived Certificates: CPS sections 3.2.2.7, Appendix A
2. Non-Standard Email Address Prefixes for Domain Ownership Validation: CPS section 3.2.2.4
3. Issuing End Entity Certificates Directly From Roots: CPS section 3.1.1
4. Distributing Generated Private Keys in PKCS#12 Files: CPS sections 3.2.1, 6.2.3
5. Certificates Referencing Local Names or Private IP Addresses: CPS section 3.2.2.5
6. Issuing SSL Certificates for .int Domains: CPS section 3.2.2.4
7. OCSP Responses Signed by a Certificate Under a Different Root: CPS section 7.3
8. Issuance of SHA-1 Certificates: CPS section 6.1.5
9. Delegation of Domain / Email Validation to Third Parties: CPS section 1.3.1, 1.3.2
Root Case Record # 1

Root Case Information

Root Certificate Name
NAVER Global Root Certification Authority
Root Case No
R00000514
Mozilla Request Status
Complete
Case Number
00000261

Certificate Data Extracted from PEM

Subject
CN=NAVER Global Root Certification Authority; O=NAVER BUSINESS PLATFORM Corp.; C=KR
Issuer
CN=NAVER Global Root Certification Authority; O=NAVER BUSINESS PLATFORM Corp.; C=KR
Valid From
2017 Aug 18
Valid To
2037 Aug 18
Certificate Serial Number
0194301EA20BDDF5C5332AB1434471F8D6504D0D
SHA-1 Fingerprint
8F6BF2A9274ADA14A0C4F48E6127F9C01E785DD1
SHA-256 Fingerprint
88F438DCF8FFD1FA8F429115FFE5F82AE1E06E0C70C375FAAD717B34A49E7265
Signature Hash Algorithm
SHA384WithRSA
Public Key Algorithm
RSA 4096 bits
SPKI SHA256
786FFA578618C3B9A311175E50816F4DDA0605C3869F296EBC5943BF09F4E904
Subject + SPKI SHA256
B2070FFAC9FF38611868D49E935FEDAEE513B7962568F3DE01EAD05E0A0D3027

Audits that apply to this Root Certificate

Standard Audit
Checked
Applicable Audits Verified?
Data Verified
BR Audit
Checked
EV SSL Audit
Not Checked

Application Information

Explanation
CA is new to Mozilla's program.
Application Information Verified?
Data Verified
Role
NAVER secure CA plans to issue SSL certificates to customers from around the world. The certification services will be provided for users of NAVER portal services first but would be expanded externally after inclusion in Mozilla's root store.
Root Certificate Download URL
https://bugzilla.mozilla.org/attachment.cgi?id=8979809

Mozilla Fields

Mozilla Trust Bits
Websites
Mozilla Fields Verified?
Data Verified
SSL Validation Type
DV; OV
Mozilla EV Policy OID(s)
Not EV
Mozilla Applied Constraints

CA Hierarchy Information

Cross-Signed by another Root Cert?
Not Checked
PKI Hierarchy Verified?
Data Verified
Has Externally Operated SubCAs?
Not Checked
CP/CPS allows Ext Operated SubCAs?
Not Checked
Has External Registration Authorities?
Not Checked
CP/CPS allows External RAs?
Not Checked
Description of PKI Hierarchy
CPS sections 1.2, 1.3
This root cert signs internally-operated intermediate certs.
https://certificate.naver.com/bbs/certificateList.do
Constraints on External SubCAs and RAs
CPS section 1.3.2 says: "All the RA functions will be performed by the NAVER BUSINESS PLATFORM".

Test Websites or Example Cert

Test Website - Valid
https://test-certificate.naver.com
Test Websites Verified?
Data Verified
Test Website - Expired
https://test2-certificate.naver.com
Test Website - Revoked
https://test1-certificate.naver.com
Test Notes

Test Results (When Requesting the SSL/TLS Trust Bit)

Revocation Tested
https://certificate.revocationcheck.com/test-certificate.naver.com no errors
Test Results Verified?
Data Verified
CA/Browser Forum Lint Test
Lint testing performed: https://bugzilla.mozilla.org/show_bug.cgi?id=1404221#c10
Test Website Lint Test
Lint testing performed: https://bugzilla.mozilla.org/show_bug.cgi?id=1404221#c10
EV Tested
N/A